Go to DBLP homepageMalicious Packet Classification Based on Neural Network Using Kitsune Features
Abstract: Network Intrusion Detection Systems (NIDSes) play an important role in security operations to detect and defend against cyberattacks. As artificial intelligence (AI)-powered NIDSes are adaptive to various kinds of attacks by exploring the knowledge presented in the data, they are in high demand to treat the cyberattacks nowadays with increasing diversity and intensity. In this paper, we present a feasibility study on neural networks (NNs) -based NIDSes aiming to solve the packet classification problem – distinguishing malicious packets from benign packets while specifying a class of anomaly to which a malicious packet belongs. We employ the features defined by Kitsune – a lightweight NN-based packet anomaly detector – as inputs to our classifier. A Kitsune feature vector is composed of statistics calculated from a single packet and its predecessors using a successive algorithm. We evaluate the proposed packet classification scheme using the CSE-CIC-IDS2018 open dataset. The experimental results show that our method can achieve good performance for particular attack types so that it can meet the requirement of a practical NIDSes.
Loading